
k8s环境


keepalived+haproxy

cat /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
sysctl -p

cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
# MASTER node of the VRRP pair that owns the two virtual IPs used by HAProxy.

global_defs {
   notification_email {
     root@localhost
   }
   # Sample sender address from the stock keepalived.conf; replace it before
   # relying on e-mail notifications.
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.10.230
   smtp_connect_timeout 30
   # NOTE(review): the BACKUP node on this page uses the same router_id; a
   # per-node value makes notifications and logs attributable.
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   # NOTE(review): strict mode enforces RFC-compliant VRRP, which has no
   # authentication, so the authentication block below is expected to be
   # ignored. Check the keepalived startup log to confirm which one wins.
   vrrp_strict
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    # Must match on both nodes; any host on the segment that advertises the
    # same ID with a higher priority can claim the virtual IPs.
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        # auth_type PASS sends the secret in clear text inside every
        # advertisement, and "1111" is trivially guessable. Treat it as a
        # misconfiguration guard only, and keep VRRP traffic on a trusted
        # segment or filter it to the peer's address.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.233 dev eth0 label eth0:0
        192.168.10.234 dev eth0 label eth0:1
    }
}
cat /etc/haproxy/haproxy.cfg 
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
# HAProxy statistics page.
# NOTE(review): this section is declared before the 'defaults' section, and
# HAProxy applies defaults only to sections that follow them, so the timeouts
# defined further down are not inherited here.
listen stats
 mode http
 # Listens on every interface. Bind to a management address (or 127.0.0.1)
 # and restrict access with a firewall if the page is not meant to be public.
 bind 0.0.0.0:8888
 stats enable
 log global
 stats uri     /s
 # admin:admin is a guessable credential, stored in clear text in this file
 # and sent as HTTP Basic auth over an unencrypted listener. Use a unique
 # password and keep this port off untrusted networks.
 stats auth    admin:admin
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
listen web1
  bind 192.168.10.233:80
  mode tcp
  log global
  server 192.168.10.222 192.168.10.222:8080 check inter 3000 fall 2 rise 5
  server 192.168.10.223 192.168.10.223:8080 check inter 3000 fall 2 rise 5

listen web2
  bind 192.168.10.234:80
  mode tcp
  log global
  server 192.168.10.222 192.168.10.222:80 check inter 3000 fall 2 rise 5
  server 192.168.10.223 192.168.10.223:80 check inter 3000 fall 2 rise 5

  cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived
# BACKUP node of the VRRP pair; takes over the virtual IPs when the MASTER
# stops advertising.

global_defs {
   notification_email {
     root@localhost
   }
   # Sample sender address from the stock keepalived.conf; replace it before
   # relying on e-mail notifications.
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.10.231
   smtp_connect_timeout 30
   # NOTE(review): same router_id as the MASTER node; a per-node value makes
   # notifications and logs attributable.
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   # NOTE(review): strict mode enforces RFC-compliant VRRP, which has no
   # authentication, so the authentication block below is expected to be
   # ignored. Check the keepalived startup log to confirm which one wins.
   vrrp_strict
   vrrp_iptables
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    # Must match the MASTER's virtual_router_id.
    virtual_router_id 51
    # Lower than the MASTER's 100, so this node only holds the VIPs on failover.
    priority 80
    advert_int 1
    authentication {
        # auth_type PASS sends the secret in clear text inside every
        # advertisement, and "1111" is trivially guessable. Treat it as a
        # misconfiguration guard only, and keep VRRP traffic on a trusted
        # segment or filter it to the peer's address.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.233 dev eth0 label eth0:0
        192.168.10.234 dev eth0 label eth0:1
    }
}
cat /etc/haproxy/haproxy.cfg 
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
# HAProxy statistics page (second load balancer, same settings as the first).
# NOTE(review): declared before the 'defaults' section, so the timeouts
# defined further down are not inherited here.
listen stats
 mode http
 # Listens on every interface. Bind to a management address (or 127.0.0.1)
 # and restrict access with a firewall if the page is not meant to be public.
 bind 0.0.0.0:8888
 stats enable
 log global
 stats uri     /s
 # admin:admin is a guessable credential, stored in clear text in this file
 # and sent as HTTP Basic auth over an unencrypted listener. Use a unique
 # password and keep this port off untrusted networks.
 stats auth    admin:admin
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
listen web1
  bind 192.168.10.233:80
  mode tcp
  log global
  server 192.168.10.222 192.168.10.222:8080 check inter 3000 fall 2 rise 5
  server 192.168.10.223 192.168.10.223:8080 check inter 3000 fall 2 rise 5

listen web2
  bind 192.168.10.234:80
  mode tcp
  log global
  server 192.168.10.222 192.168.10.222:80 check inter 3000 fall 2 rise 5
  server 192.168.10.223 192.168.10.223:80 check inter 3000 fall 2 rise 5

nginx

./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module

make -j4 && make install

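# Directory for the per-site files pulled in by the include at the end of nginx.conf.
mkdir -p /usr/local/nginx/conf/conf.d/
vim nginx.conf
# Show the effective configuration without comment or blank lines.
# -E is required: in a basic regular expression the '|' is a literal
# character, so the original pattern filtered nothing.
grep -Ev '#|^$' /usr/local/nginx/conf/nginx.conf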
user  nginx;
worker_processes  auto;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
include /usr/local/nginx/conf/conf.d/*.conf;
}

[root@nginx1 conf.d]# ls
upstream_server.conf  web1.conf  web2.conf
[root@nginx1 conf.d]# cat *.conf
upstream login_server {
  server 192.168.10.230:8080 weight=1 fail_timeout=5s max_fails=3;
  server 192.168.10.231:8080 weight=1 fail_timeout=5s max_fails=3;
}
server {
  listen       80;
  server_name  www.test.com;
  location / {
    root /data/nginx/html/web1;

  }
  location /login {
    proxy_pass http://login_server;
    proxy_set_header Host $host; 
    proxy_set_header X-Real-Ip $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
  }
}

server {
  listen       80;
  server_name  m.test.com;
  location / {
    root /data/nginx/html/web2;

  }
  location /login {
    proxy_pass http://login_server;
    proxy_set_header Host $host; 
    proxy_set_header X-Real-Ip $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
  }
}

mkdir /data/nginx/html/{web1,web2}
echo www.test.com > /data/nginx/html/web1/index.html
echo m.test.com > /data/nginx/html/web2/index.html

gitlab

创建一个组

技术图片

创建一个用户

技术图片

将这个用户添加到这个组里

技术图片

创建项目(服务)

技术图片

技术图片

技术图片

jenkins

jenkins通过SSH密钥(免密码)的方式克隆gitlab代码

生成密钥对

[root@jenkins ~]# ssh-keygen
[root@jenkins ~]# cat /root/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtCUibkVNdvEid4wbbF4Qrl//yDpYzW+4gfHW57ERVRvanrJLy8TKMrKc5Zw9ytSSJqi+S8LG0J9CREseW3eOt1BZfkaBzRiNYSBS3KCJxYRrfhC2aIsEmPfraPOi0Q+wJT+BK3gO69qShhRfsTFW3rQvdVR1tG4W1hIkJJE6dCUCfaiP1unWM90PQA0itvxJ1eDZHSp7fzkPP7SHdMZXJhlupGRBRrLwFojbF0qLjj3a9DoD5TUgz7RFRXxWfJmL9bCYQVGeu+xckt+FcACc0Lptr+VmWoDI30uI5DpyuZc+BU4CFIGo88Cg/2HSe5RzEL3o0EvfDbDvJIrxvcpCN root@jenkins

将公钥放入gitlab上

技术图片

部署安装参考 https://www.cnblogs.com/fina/p/11213564.html

在jenkins使用git 克隆一次代码

无需输入密码

[root@jenkins ~]# git clone git@192.168.10.254:web233/web1.git
Cloning into 'web1'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.

安装jenkins

若发现jenkins起不来
yum install jenkins-2.138.4-1.1.noarch.rpm
systemctl start jenkins

vim /etc/init.d/jenkins
candidates="
/apps/jdk/bin/java  //目录加第一行
/etc/alternatives/java
/usr/lib/jvm/java-1.8.0/bin/java
/usr/lib/jvm/jre-1.8.0/bin/java
/usr/lib/jvm/java-1.7.0/bin/java
/usr/lib/jvm/jre-1.7.0/bin/java
/usr/bin/java
"

vim /etc/sysconfig/jenkins
JENKINS_JAVA_CMD="$candidate"
systemctl daemon-reload
systemctl start jenkins

创建一个任务

技术图片

技术图片

技术图片

技术图片

修改login项目文件

mkdir /data/git/projectname -pv
git clone git@192.168.10.254:web233/login.git
mv README.md index.html
git add ./*
git commit -m "`date +%Y-%m-%d_%H-%M-%S`"
git push

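把本地的ssh公钥文件安装到远程主机(下面两条命令只把当前用户的公钥装到 nginx 主机 192.168.10.222/223;后面的脚本还会以 www 用户登录 tomcat 主机 192.168.10.230/231,这两台也需要为 www 用户安装公钥。脚本是以 root 登录 nginx 主机的,生产环境建议改用权限受限的专用部署账户)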

ssh-copy-id 192.168.10.222
ssh-copy-id 192.168.10.223

jenkins编写自动化脚本实现devops 流水线和回滚等操作

#!/bin/bash
# Jenkins deploy/rollback driver.
# Arguments: $1 - action handled by main, $2 - host group handled by IP_List.

# Record the account the job runs as in the build log.
whoami

# Timestamp used to name each release directory and archive.
DATE=$(date +%Y-%m-%d_%H-%M-%S)

ACTION=$1
HOST=$2

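#######################################
# Resolve the host group in ${HOST} to the Tomcat node address(es).
# Globals:   HOST (read), Server_IP (written; space-separated list)
# Outputs:   the resolved list on stdout; an error on stderr for an
#            unknown group
# Returns:   0 when the group is known, 1 otherwise
#######################################
function IP_List(){
  case "${HOST}" in
    Host1)
      Server_IP="192.168.10.230"
      ;;
    Host2)
      Server_IP="192.168.10.231"
      # A disabled variant of this branch re-enabled the node through the
      # HAProxy admin socket on 192.168.10.220/221 instead of nginx.
      ;;
    HostAll)
      Server_IP="192.168.10.230 192.168.10.231"
      ;;
    *)
      # Clear the list so later steps cannot run against a stale target set,
      # or loop over nothing and still report success.
      Server_IP=""
      echo "IP_List: unknown host group '${HOST}' (expected Host1, Host2 or HostAll)" >&2
      return 1
      ;;
  esac
  echo "${Server_IP}"
}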

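#######################################
# Replace the local checkout of the login project with a fresh clone.
# Globals:   CodeLink (written)
# Outputs:   a completion message on stdout; errors on stderr
# Returns:   0 when the clone succeeded, 1 otherwise
#######################################
function Code_Clone(){
  CodeLink=git@192.168.10.254:web233/login.git
  if ! cd /data/git/projectname; then
    echo "Code_Clone: cannot enter /data/git/projectname" >&2
    return 1
  fi
  # The relative rm only runs after the cd succeeded, so it can never delete
  # a 'login' directory somewhere else.
  if ! { rm -rf login && git clone "${CodeLink}"; }; then
    echo "Code_Clone: clone of ${CodeLink} failed" >&2
    return 1
  fi
  # Printed only on success; the original printed it unconditionally.
  echo "克隆代码完成"
}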

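#######################################
# Pack the checked-out project into login.tar.gz inside the checkout.
# Outputs:   tar's verbose listing and a completion message on stdout;
#            errors on stderr
# Returns:   0 when the archive was written, 1 otherwise
#######################################
function Make_Zip(){
  if ! cd /data/git/projectname/login; then
    echo "Make_Zip: cannot enter /data/git/projectname/login" >&2
    return 1
  fi
  # './*' leaves dot-entries such as .git out of the archive.
  if ! tar czvf login.tar.gz ./*; then
    echo "Make_Zip: tar failed" >&2
    return 1
  fi
  # Printed only on success; the original printed it unconditionally.
  echo "打包完成"
}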

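#######################################
# Take every node in Server_IP out of the nginx upstream on both proxies by
# commenting out its 'server' line and reloading nginx.
# Globals:   Server_IP (read)
# Outputs:   one success line per node and proxy on stdout; errors on stderr
# Returns:   0 when every proxy was updated, 1 otherwise
#######################################
function Down_Node(){
  local node node_re proxy rc=0
  for node in ${Server_IP}; do
    # Escape the dots so the address is matched literally by sed.
    node_re=${node//./\\.}
    for proxy in 192.168.10.222 192.168.10.223; do
      # 'nginx -t' validates the edited file before the reload is requested.
      # The original pattern ended in '8080*', which also matched ':808'.
      if ssh "root@${proxy}" "cd /usr/local/nginx/conf/conf.d/ && sed -i 's/^  server ${node_re}:8080/  #server ${node}:8080/' upstream_server.conf && nginx -t && nginx -s reload"; then
        echo "${node} 从nginx 服务器上 ${proxy} 移除成功"
      else
        # The original printed the success line even when ssh or sed failed.
        echo "Down_Node: could not remove ${node} from nginx on ${proxy}" >&2
        rc=1
      fi
    done
  done
  return "${rc}"
}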

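#######################################
# Stop Tomcat on every node in Server_IP through its init script.
# Globals:   Server_IP (read)
# Outputs:   one success line per node on stdout; errors on stderr
# Returns:   0 when every node reported success, 1 otherwise
#######################################
function Stop_Tomcat(){
  local node rc=0
  for node in ${Server_IP}; do
    if ssh "www@${node}" "/etc/init.d/tomcat stop"; then
      echo "tomcat服务关闭成功"
    else
      # The original printed the success line regardless of the ssh result.
      echo "Stop_Tomcat: stop failed on ${node}" >&2
      rc=1
    fi
  done
  return "${rc}"
}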

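#######################################
# Start Tomcat on every node in Server_IP through its init script.
# Globals:   Server_IP (read)
# Outputs:   one success line per node on stdout; errors on stderr
# Returns:   0 when every node reported success, 1 otherwise
#######################################
function Start_Tomcat(){
  local node rc=0
  for node in ${Server_IP}; do
    if ssh "www@${node}" "/etc/init.d/tomcat start"; then
      echo "tomcat服务开启成功"
    else
      # The original printed the success line regardless of the ssh result.
      echo "Start_Tomcat: start failed on ${node}" >&2
      rc=1
    fi
  done
  return "${rc}"
}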

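#######################################
# Copy the release archive to every node, unpack it into a timestamped
# directory and point the webapps symlink at it.
# Globals:   Server_IP, DATE (read); WEB_DIR, DIR_NAME, APP_NAME (written)
# Outputs:   remote tar/ln output on stdout; errors on stderr
# Returns:   0 when every node was updated, 1 otherwise
#######################################
function Scp_Codefile(){
  local node rc=0
  # Without this check a failed cd would upload whatever login.tar.gz
  # happens to sit in the current directory.
  if ! cd /data/git/projectname/login/; then
    echo "Scp_Codefile: cannot enter /data/git/projectname/login/" >&2
    return 1
  fi
  WEB_DIR=/data/tomcat/webapps/login
  DIR_NAME=/data/tomcat/tomcat_webdir/login-${DATE}
  APP_NAME=/data/tomcat/tomcat_appdir/login-${DATE}.tar.gz
  for node in ${Server_IP}; do
    # The remote chain removes the live link only after the new release was
    # unpacked; skip it entirely when the upload itself failed.
    if ! { scp login.tar.gz "www@${node}:${APP_NAME}" \
      && ssh "www@${node}" "mkdir ${DIR_NAME} && tar xvf ${APP_NAME} -C ${DIR_NAME} && rm -rf ${WEB_DIR} && ln -sv ${DIR_NAME} ${WEB_DIR}"; }; then
      echo "Scp_Codefile: release was not installed on ${node}" >&2
      rc=1
    fi
  done
  return "${rc}"
}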

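#######################################
# Probe the login page on every node and put healthy nodes back into the
# nginx upstream.
# Globals:   Server_IP (read), NUM (written; last HTTP status)
# Outputs:   one pass/fail line per node on stdout
# Returns:   0 when every node answered 200 and was re-added, 1 otherwise
#######################################
function Web_Test(){
  local node rc=0
  for node in ${Server_IP}; do
    # HEAD request with a 10 second limit; only the status code is kept.
    NUM=$(curl -s -I -m 10 -o /dev/null -w '%{http_code}' "http://${node}:8080/login/index.html")
    if [[ ${NUM} == 200 ]]; then
      echo "${node} 测试通过"
      Add_Node "${node}" || rc=1
    else
      echo "${node} 测试失败,请检查TOMCAT服务"
      # The original returned success here, so a failed deployment still
      # went on to prune old releases.
      rc=1
    fi
  done
  return "${rc}"
}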

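#######################################
# Put a node back into the nginx upstream on both proxies by uncommenting
# its 'server' line and reloading nginx.
# Arguments: $1 - address of the Tomcat node
# Outputs:   progress lines on stdout; errors on stderr
# Returns:   0 when both proxies were updated, 1 otherwise
#######################################
function Add_Node(){
  local node=$1 node_re proxy rc=0
  if [[ -z ${node} ]]; then
    echo "Add_Node: missing node address" >&2
    return 1
  fi
  echo "${node} ----"
  # Escape the dots so the address is matched literally by sed.
  node_re=${node//./\\.}
  # The original had two branches that ran the same commands; the first was
  # selected by comparing the node with a proxy address, and the second
  # reported 192.168.10.220/221 although it contacted 192.168.10.222/223.
  for proxy in 192.168.10.222 192.168.10.223; do
    # 'nginx -t' validates the edited file before the reload is requested.
    if ssh "root@${proxy}" "cd /usr/local/nginx/conf/conf.d/ && sed -i 's/^  #server ${node_re}:8080/  server ${node}:8080/' upstream_server.conf && nginx -t && nginx -s reload"; then
      echo "${node} 从nginx 服务器${proxy} 添加成功"
    else
      echo "Add_Node: could not add ${node} to nginx on ${proxy}" >&2
      rc=1
    fi
  done
  return "${rc}"
}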

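#######################################
# Point the webapps symlink on every node at the release that precedes the
# newest one (by modification time).
# Globals:   Server_IP (read); NEW_VERSION, NAME (written)
# Outputs:   the newest release name and remote ln output on stdout;
#            errors on stderr
# Returns:   0 when every node was switched, 1 otherwise
#######################################
function RollBack(){
  local node rc=0
  for node in ${Server_IP}; do
    # ls runs on the node; the listing is filtered locally, as before.
    NEW_VERSION=$(ssh "www@${node}" "/bin/ls -l -rt /data/tomcat/tomcat_webdir/" | awk -F " " '{print $9}' | tail -n1)
    echo "${NEW_VERSION}"
    if [[ -z ${NEW_VERSION} ]]; then
      echo "RollBack: no release found on ${node}" >&2
      rc=1
      continue
    fi
    # The glob is quoted so it expands on the node, never on this host.
    NAME=$(ssh "www@${node}" "/bin/ls -l -rt -d /data/tomcat/tomcat_webdir/login-*" | grep -F -B 1 -- "${NEW_VERSION}" | head -n1 | awk '{print $9}')
    # Refuse to touch the live link unless the target looks like a release
    # directory created by the deploy step (login-<timestamp>). With an empty
    # NAME the original removed the link and then failed to recreate it.
    if ! [[ ${NAME} =~ ^/data/tomcat/tomcat_webdir/login-[0-9_-]+$ ]]; then
      echo "RollBack: unexpected rollback target '${NAME}' on ${node}" >&2
      rc=1
      continue
    fi
    if ! ssh "www@${node}" "rm -rf /data/tomcat/webapps/login && ln -sv ${NAME} /data/tomcat/webapps/login"; then
      echo "RollBack: could not switch ${node} to ${NAME}" >&2
      rc=1
    fi
  done
  return "${rc}"
}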

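#######################################
# Keep at most 7 release archives per node by deleting the oldest ones.
# Globals:   Server_IP (read); NUM, DEL_NAME (written)
# Outputs:   one line per deleted archive on stdout; errors on stderr
# Returns:   0 when pruning completed on every node, 1 otherwise
#######################################
function CleanGz(){
  local node rc=0
  for node in ${Server_IP}; do
    NUM=$(ssh "www@${node}" "/bin/ls -l -rt -d /data/tomcat/tomcat_appdir/login-*|wc -l")
    NUM=${NUM//[[:space:]]/}
    # An empty or non-numeric count (ssh failure) would be a syntax error in
    # the arithmetic loop below.
    if ! [[ ${NUM} =~ ^[0-9]+$ ]]; then
      echo "CleanGz: cannot count archives on ${node}" >&2
      rc=1
      continue
    fi
    for (( ; NUM > 7; NUM-- )); do
      # Oldest archive first; the quoted glob expands on the node only.
      DEL_NAME=$(ssh "www@${node}" "/bin/ls -l -rt -d /data/tomcat/tomcat_appdir/login-*" | head -n1 | awk '{print $9}')
      # The name is interpolated into a remote 'rm -rf', so accept only the
      # archive names the deploy step creates (login-<timestamp>.tar.gz).
      if ! [[ ${DEL_NAME} =~ ^/data/tomcat/tomcat_appdir/login-[0-9_-]+\.tar\.gz$ ]]; then
        echo "CleanGz: refusing to delete '${DEL_NAME}' on ${node}" >&2
        rc=1
        break
      fi
      if ssh "www@${node}" "rm -rf ${DEL_NAME}"; then
        echo "${node} 清理成功 ${DEL_NAME}"
      else
        echo "CleanGz: could not delete ${DEL_NAME} on ${node}" >&2
        rc=1
        break
      fi
    done
  done
  return "${rc}"
}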

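#######################################
# Keep at most 5 unpacked releases per node by deleting the oldest ones.
# Globals:   Server_IP (read); NUM, DEL_NAME (written)
# Outputs:   one line per deleted release on stdout; errors on stderr
# Returns:   0 when pruning completed on every node, 1 otherwise
#######################################
function Del_History_Ver(){
  local node rc=0
  for node in ${Server_IP}; do
    NUM=$(ssh "www@${node}" "/bin/ls -l -rt -d /data/tomcat/tomcat_webdir/login-*|wc -l")
    NUM=${NUM//[[:space:]]/}
    # An empty or non-numeric count (ssh failure) would be a syntax error in
    # the arithmetic loop below.
    if ! [[ ${NUM} =~ ^[0-9]+$ ]]; then
      echo "Del_History_Ver: cannot count releases on ${node}" >&2
      rc=1
      continue
    fi
    for (( ; NUM > 5; NUM-- )); do
      # Oldest release first; the quoted glob expands on the node only.
      DEL_NAME=$(ssh "www@${node}" "/bin/ls -l -rt -d /data/tomcat/tomcat_webdir/login-*" | head -n1 | awk '{print $9}')
      # The name is interpolated into a remote 'rm -rf', so accept only the
      # directory names the deploy step creates (login-<timestamp>).
      if ! [[ ${DEL_NAME} =~ ^/data/tomcat/tomcat_webdir/login-[0-9_-]+$ ]]; then
        echo "Del_History_Ver: refusing to delete '${DEL_NAME}' on ${node}" >&2
        rc=1
        break
      fi
      if ssh "www@${node}" "rm -rf ${DEL_NAME}"; then
        echo "${node} 清理成功 ${DEL_NAME}"
      else
        echo "Del_History_Ver: could not delete ${DEL_NAME} on ${node}" >&2
        rc=1
        break
      fi
    done
  done
  return "${rc}"
}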

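#######################################
# Run the pipeline selected by ${ACTION}.
# Globals:   ACTION (read)
# Outputs:   whatever the individual steps print; usage on stderr for an
#            unknown action
# Returns:   0 when every step succeeded, the failing step's status
#            otherwise, 2 for an unknown action
#######################################
main(){
  case "${ACTION}" in
    Deploy)
      # Each step runs only if the previous one succeeded, so a failed clone
      # or upload does not go on to restart Tomcat or prune old releases.
      IP_List \
        && Code_Clone \
        && Make_Zip \
        && Down_Node \
        && Stop_Tomcat \
        && Scp_Codefile \
        && Start_Tomcat \
        && Web_Test \
        && Del_History_Ver \
        && CleanGz
      ;;
    RollBack)
      IP_List \
        && Down_Node \
        && Stop_Tomcat \
        && RollBack \
        && Start_Tomcat \
        && Web_Test
      ;;
    *)
      # The original silently did nothing for a missing or mistyped action.
      echo "Usage: $0 {Deploy|RollBack} {Host1|Host2|HostAll}" >&2
      return 2
      ;;
  esac
}

main "$@"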

tomcat

部署

tar xf jdk-8u221-linux-x64.tar.gz
ln -sv /apps/jdk1.8.0_221 /apps/jdk
tar xf apache-tomcat-8.5.43.tar.gz
ln -sv /apps/apache-tomcat-8.5.43 /apps/tomcat

ps -ef |grep tomcat|grep -v grep |awk '{print $2}'
因为是做实验,我们关掉一些功能
vim /apps/tomcat/conf/server.xml
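<!-- Serve applications from /data/tomcat/webapps; WAR unpacking and
     automatic redeployment are switched off. The original spelled both
     values "flase". -->
<Host name="localhost"  appBase="/data/tomcat/webapps"
            unpackWARs="false" autoDeploy="false">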

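# Unprivileged account that runs Tomcat and receives the deployments.
useradd www -u 2000
# appBase in server.xml is /data/tomcat/webapps (the original created
# 'webapp'); the deploy script also writes to tomcat_webdir and
# tomcat_appdir, so create all three.
mkdir -p /data/tomcat/webapps /data/tomcat/tomcat_webdir /data/tomcat/tomcat_appdir
chown -R www:www /apps/tomcat/
# The original named the group 'wwww', which does not exist.
chown -R www:www /data/tomcat/webapps /data/tomcat/tomcat_webdir /data/tomcat/tomcat_appdir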

[root@tomcat1 ~]# cat /data/tomcat/webapps/testapp/index.jsp 
tomcat1 192.168.10.230
[root@tomcat2 ~]# cat /data/tomcat/webapps/testapp/index.jsp 
tomcat2 192.168.10.231

服务脚本

#!/bin/bash
##
###
####

JDK_HOME=/apps/jdk
CATALINA_HOME=/apps/tomcat
export JDK_HOME CATALINA_HOME
source /etc/profile
#PID=`ps -ef | grep -v grep | grep java | awk '{print $2}'`
#NUM=`ps -ef | grep -v grep | grep java | awk '{print $2}' | wc -l`

#case $1 in
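#######################################
# Start Tomcat unless something already listens on port 8080, then verify
# that the port came up.
# Globals:   CATALINA_HOME (read); PID, NUM (written)
# Outputs:   progress messages and countdowns on stdout
# Returns:   0 when Tomcat is (already) listening, 1 when the start failed
#######################################
start(){
  echo "正在判断服务状态,请稍等!"
  echo "请稍等3秒钟"
  echo "3";sleep 1;echo "2";sleep 1; echo "1";sleep 1
  # Match the port as a whole field; a bare 'grep 8080' also matched ports
  # such as 18080.
  if netstat -an | grep -Eq '[:.]8080[[:space:]].*LISTEN'; then
    echo "tomcat 已经正在运行了"
    return 0
  fi

  # The original wrapped the next two messages in typographic quotes, which
  # the shell printed literally.
  echo "tomcat没有运行,1秒后启动"
  echo 1;sleep 1
  if ! "${CATALINA_HOME}/bin/catalina.sh" start; then
    echo "tomcat启动失败,请重新启动"
    echo 1
    return 1
  fi
  echo "tomcat 已经成功启动完成,5秒后判断是否启动成功"
  echo "5";sleep 1;echo "4";sleep 1
  echo "3";sleep 1;echo "2";sleep 1; echo "1";sleep 1

  if netstat -an | grep -Eq '[:.]8080[[:space:]].*LISTEN'; then
    # Report only the JVM started from this installation instead of every
    # java process on the host.
    # NOTE(review): assumes catalina.sh passes -Dcatalina.home=$CATALINA_HOME
    # on the JVM command line - confirm for the installed version.
    PID=$(pgrep -f -- "catalina.home=${CATALINA_HOME}")
    NUM=$(printf '%s\n' "${PID}" | grep -c .)
    echo "tomcat 已经成功启动 ${NUM}个tomcat进程,PID为${PID}"
    return 0
  fi
  echo "tomcat启动失败,请重新启动"
  echo 1
  # The original returned success here, so callers could not see the failure.
  return 1
}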
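#######################################
# Stop Tomcat: ask catalina.sh to shut down, then escalate to TERM and KILL
# on this installation's JVM only if port 8080 is still open.
# Globals:   CATALINA_HOME (read)
# Outputs:   progress messages and countdowns on stdout
# Returns:   0 when nothing listens on 8080 afterwards, 1 otherwise
#######################################
stop(){
  local grace=3
  if [[ -z ${CATALINA_HOME} ]]; then
    echo "stop: CATALINA_HOME is not set" >&2
    return 1
  fi
  # The original ran 'pkill java' and 'kill -9' on every java PID, which
  # also terminates unrelated JVMs on the host (a co-located Jenkins, for
  # example). Match this installation's JVM by its command line instead.
  # NOTE(review): assumes catalina.sh passes -Dcatalina.home=$CATALINA_HOME
  # on the JVM command line - confirm for the installed version.
  local jvm="catalina.home=${CATALINA_HOME}"

  echo "3";sleep 1;echo "2";sleep 1; echo "1";sleep 1
  if ! netstat -an | grep -Eq '[:.]8080[[:space:]].*LISTEN'; then
    echo "tomcat没有运行"
    echo 1
    return 0
  fi

  echo "tomcat运行中,1秒关闭"
  echo "1";sleep 1
  echo "tomcat即将关闭,请稍等"
  "${CATALINA_HOME}/bin/catalina.sh" stop;echo "tomcat正在关闭"
  sleep "${grace}"
  echo "3";sleep 1;echo "2";sleep 1; echo "1";sleep 1

  # Graceful shutdown did not release the port: send TERM first.
  if netstat -an | grep -Eq '[:.]8080[[:space:]].*LISTEN'; then
    echo "tomcat is fail"
    pkill -f -- "${jvm}";sleep 2
  fi
  # Still listening: last resort. (The original's final wait was the
  # non-existent command 'sleep2'.)
  if netstat -an | grep -Eq '[:.]8080[[:space:]].*LISTEN'; then
    echo "tomcat is fail"
    pkill -9 -f -- "${jvm}";sleep 2
  fi
  if netstat -an | grep -Eq '[:.]8080[[:space:]].*LISTEN'; then
    echo "tomcat is fail"
    return 1
  fi

  echo "tomcat 已经关闭完成"
  echo "3";sleep 1;echo "2";sleep 1; echo "1"
  return 0
}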
# Restart Tomcat: run the stop sequence, then the start sequence.
# start runs whatever stop returned; the result is start's status.
restart(){
  stop; start
}

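# Dispatch on the first argument. The script's exit status is the status of
# the selected action, so remote callers can tell whether it worked.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  *)
    # 'status' was advertised by the original usage line but never
    # implemented, so it is no longer listed. Usage goes to stderr with a
    # non-zero exit status.
    echo $"USAGE: $0 {start|stop|restart}" >&2
    exit 2
    ;;
esac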

转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。可以在下面评论区评论,也可以邮件至 438803792@qq.com

原文:大专栏  k8s环境



原文地址:https://www.cnblogs.com/petewell/p/11601692.html
